Primary

Context

Lunary Improper Access Control Vulnerability Allowing Unauthorized Access to User Prompt Data

Vulnerability

Patched

An improper access control vulnerability has been identified in Lunary AI's application, specifically in versions prior to 1.6.3. The issue allows users to access prompt data belonging to other users. This vulnerability, present in version 1.6.2 and the main branch, enables unauthorized individuals to view sensitive prompt information by navigating to specific URLs, potentially leading to the exposure of critical data.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive user prompt data, allowing for the potential misuse or exposure of critical information.

Remediation

Users can update to Lunary version 1.6.3 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lunary Improper Access Control Vulnerability Allowing Unauthorized Access to User Prompt Data

Vulnerability

Impact

Remediation

Affected Products

lunary-ai/lunary

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating